Every organization is different. And so is our approach. We work with you to determine your specific areas of concern and if they can be impacted. Together we will determine the correct scope for you (a system, application, network, or another asset of your organization).
- Avoid the financial, reputational and operations losses a cyber-attack could cause.
- Improve your security posture.
- Determine the effectiveness of your current security controls, identifying where existing investments can be better utilized and if required, where further investment is needed.
Once the target(s) have been selected the rules of engagement are determined. Testing may either be conducted externally or include on-site testing. The test duration will depend on the target’s complexity and specific requirements.
If required a “trophy” can be selected for the test, (these are useful in ensuring the test has the right context for any findings). Typically, this will be either to gain access to a specific system, breach the network, or get a specific user account.
Our team use a combination of automated tools and manual testing techniques.
Using both methods we are able to uncover the ‘low hanging fruit’ and the critical, ‘hard to find’ issues. Due to the experience of our intelligence team, our penetration testers are aware of the latest techniques used by attackers, and these are incorporated into the test as appropriate.
If a trophy has been specified, the team will hone their focus to zero in on achieving the goal. If not, then vulnerabilities identified will be tested to their conclusion and their impact assessed.
If a critical issue is found during testing, which may include signs of a breach, our team will immediately contact the client with details.
Full, transparent reporting is provided. A high level summary accompanied by detailed walkthroughs and analysis. Remediation details are also provided helping you to fix what we find.